Security Articles from Wikipedia
Security Articles from Wikipedia
Security Articles from Wikipedia
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Digital signature 47<br />
Digital signatures vs. ink on paper signatures<br />
An ink signature could be replicated <strong>from</strong> one document to another by copying the image manually or digitally, but<br />
to have credible signature copies that can resist some scrutiny is a significant manual or technical skill, and to<br />
produce ink signature copies that resist professional scrutiny is very difficult.<br />
Digital signatures cryptographically bind an electronic identity to an electronic document and the digital signature<br />
cannot be copied to another document. Paper contracts sometimes have the ink signature block on the last page, and<br />
the previous pages may be replaced after a signature is applied. Digital signatures can be applied to an entire<br />
document, such that the digital signature on the last page will indicate tampering if any data on any of the pages have<br />
been altered, but this can also be achieved by signing with ink all pages of the contract.<br />
Additionally, most digital certificates provided by certificate authorities to end users to sign documents can be<br />
obtained by at most gaining access to a victim's email inbox.<br />
Important paper documents are signed in ink with all involved parties meeting in person, with additional<br />
identification forms other than the actual presence (like driver's licence, passports, fingerprints, etc.), and most<br />
usually with the presence of a respected notary that knows the involved parties, the signing often happens in a<br />
building which has security cameras and other forms of identification and physical security. The security that is<br />
added by these type of ink on paper signatures cannot be currently matched by digital only signatures.<br />
Some digital signature algorithms<br />
• RSA-based signature schemes, such as RSA-PSS<br />
• DSA and its elliptic curve variant ECDSA<br />
• ElGamal signature scheme as the predecessor to DSA, and variants Schnorr signature and Pointcheval–Stern<br />
signature algorithm<br />
• Rabin signature algorithm<br />
• Pairing-based schemes such as BLS<br />
• Undeniable signatures<br />
• Aggregate signature - a signature scheme that supports aggregation: Given n signatures on n messages <strong>from</strong> n<br />
users, it is possible to aggregate all these signatures into a single signature whose size is constant in the number of<br />
users. This single signature will convince the verifier that the n users did indeed sign the n original messages.<br />
The current state of use — legal and practical<br />
Digital signature schemes share basic prerequisites that— regardless of cryptographic theory or legal provision—<br />
they need to have meaning:<br />
Quality algorithms<br />
Some public-key algorithms are known to be insecure, practicable attacks against them having been<br />
discovered.<br />
Quality implementations<br />
An implementation of a good algorithm (or protocol) with mistake(s) will not work.<br />
The private key must remain private<br />
if it becomes known to any other party, that party can produce perfect digital signatures of anything<br />
whatsoever.<br />
The public key owner must be verifiable<br />
A public key associated with Bob actually came <strong>from</strong> Bob. This is commonly done using a public key<br />
infrastructure and the public key user association is attested by the operator of the PKI (called a certificate